A Distributed Denial of Service, or DDoS, attack attempts to overwhelm and temporarily take down a targeted website by flooding it with traffic from various sources. It is estimated that there are about 50 million DDoS attacks every year, which account for about one-third of downtime. Just last year, attackers targeted Dyn, Inc., which is a domain name server that routes traffic across the internet. As a result of the attack, a number of high-profile websites were temporarily unavailable, including Twitter, PayPal, Basecamp, Spotify, Reddit, and Yelp.
Clearly, this is a huge issue for businesses with an online presence, so it’s important to learn about the different types of attacks, why they occur, and what you can do to stop them. Here’s what you need to know:
How A DDoS Attack Works
Before the attack can occur, the attackers must build botnets, which are networks of computers that can be used to flood the targeted website with traffic. To build this network, attackers spread malicious software that lets them remotely control other people’s computers without their knowledge. Computer owners can quickly become part of a botnet by downloading unknown files or opening email attachments. The larger the network of computers, the more powerful the DDoS attack will be. Some botnets consist of millions of computers; however, the average size of a botnet is around 6,000 computers.
Attackers who do not have the ability to build their own botnet can easily purchase one to use in a DDoS attack. There are many underground markets on the web that sell botnets for as little as $150.
After the attacker has secured the botnet, he is able to launch a DDoS attack on a targeted website. The botnet can operate in a number of ways depending on the type of DDoS attack that is being used.
Types of DDoS Attacks
There are three main ways that a botnet can attack a website:
Volumetric Attacks
Volumetric attacks account for about 65% of all DDoS attacks. This type of attack occurs when the botnet floods the targeted website’s network with a huge amount of what seems to be legitimate traffic. Doing so eats the website’s bandwidth and causes it to become incredibly slow or completely stop functioning while it tries to process the many requests.
Application Layer Attacks
This type of attack accounts for about 17% of all DDoS attacks. Instead of attacking the entire network, it targets and attempts to disable specific applications. Application layer attacks can disrupt search functions, information retrievals, photo applications, and more on a website. In 2012, it was reported that these attacks were being used on banking websites to distract IT teams while the attackers stole sensitive information. The financial industry was hit hard by these attacks—in fact, it is estimated that the industry lost roughly $17 million per DDoS attack during that year.
Unfortunately, application layer attacks are more difficult to detect than others. This is because attackers do not need to use a lot of machines in order to carry out this type of attack, so the traffic to the website does not appear to be out of the ordinary.
State Exhaustion Attacks
State exhaustion attacks target the web servers, firewalls, and load balancers in an attempt to disrupt the connection. One of the most common types of state exhaustion attacks is the ping of death. The ping of death occurs when the attacker sends a 65,535-byte ping packet that has been fragmented into smaller pieces to the targeted website. When the targeted website begins to reassemble the ping packet, it causes a buffer overload, which in turn can crash the entire system.
Motivations Behind the Attacks
What motivates so many people to attack websites? Arbor Networks, a security software company, recently conducted a survey to ask businesses their thoughts on what motivated attackers. Some respondents believed that many of the attacks were motivated by business or personal disputes, while others thought attacks were used to divert attention away from data theft. Regardless of the reasons, it’s important to be prepared for any attack that may come your way.
How to Protect Your Business
Businesses can be greatly affected by DDoS attacks. A massive DDoS attack can affect a brand’s reputation and cause them to miss out on doing business with potential customers. If your website is attacked, it can also be costly to bounce back and mitigate the situation, which is why it’s important to take preventative measures to protect your business.
First, you have to come to the realization that you may be a victim of a DDoS attack even if you are a small business. If you are attracting any traffic to your website, you are large enough to be targeted by attackers.
A simple way to detect attacks is to run a script on your server that sends you updates on the number of users who are visiting your website. If you check this frequently, you will be able to spot if there is more traffic than usual, which could indicate an attack. There are also programs available that will check your site’s availability and alert you if the site suddenly goes down. If you spot a DDoS attack, take a look at the packet capture, which logs the traffic coming into your website. You won’t be able to block each individual IP address that is attacking your site, but you may be able to find a pattern in the URL or referrer that you can block with your firewall.
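As an added example (not part of the original article), here is one way such a monitoring script could work: it counts requests per minute in a web server access log, flags minutes far above the usual rate, and reports the most common URL and referrer in each flagged minute as candidates for a firewall rule. The Combined Log Format, the thresholds, and the sample log lines are assumptions made for illustration.

```python
import re
from collections import Counter
from statistics import median

# Assumed Combined Log Format: ip - - [time] "METHOD path proto" status bytes "referrer" "agent"
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" \d{3} \S+ "([^"]*)" "[^"]*"$')

def parse(lines):
    """Yield (ip, minute, path, referrer) for each well-formed log line."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            ip, ts, _method, path, ref = m.groups()
            yield ip, ts[:17], path, ref  # ts[:17] is "10/Oct/2023:13:55", the minute bucket

def find_spikes(lines, factor=5, min_requests=20):
    """Return {minute: report} for minutes whose request count is at least
    min_requests and more than factor times the median per-minute count."""
    rows = list(parse(lines))
    per_minute = Counter(minute for _, minute, _, _ in rows)
    if not per_minute:
        return {}
    # The median stays close to normal traffic as long as the flood
    # covers fewer than half of the minutes in the log window.
    baseline = median(per_minute.values())
    report = {}
    for minute, count in per_minute.items():
        if count >= min_requests and count > factor * baseline:
            hits = [r for r in rows if r[1] == minute]
            report[minute] = {
                "requests": count,
                "distinct_ips": len({r[0] for r in hits}),
                "top_path": Counter(r[2] for r in hits).most_common(1)[0],
                "top_referrer": Counter(r[3] for r in hits).most_common(1)[0],
            }
    return report

def sample_log():
    """Constructed sample data: three quiet minutes, then one flood minute."""
    fmt = ('{ip} - - [10/Oct/2023:13:{mm}:{ss:02d} +0000] '
           '"GET {path} HTTP/1.1" 200 512 "{ref}" "Mozilla/5.0"')
    quiet = [fmt.format(ip=f"198.51.100.{s}", mm=mm, ss=s, path="/index.html", ref="-")
             for mm in ("01", "02", "03") for s in range(4)]
    flood = [fmt.format(ip=f"203.0.113.{s}", mm="04", ss=s, path="/search?q=aaaa",
                        ref="http://example.invalid/x") for s in range(60)]
    return quiet + flood

if __name__ == "__main__":
    for minute, info in find_spikes(sample_log()).items():
        print(minute, info)
```

In the sample, the flagged minute shows 60 requests from 60 different addresses that all share one URL and one referrer, which is the kind of pattern that can be blocked as a whole rather than address by address.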
There are also a variety of services that can protect against an attack. When we build websites for our clients, one of the options we offer is dual-layer DDoS protection, which incorporates two different layers of protection: one before traffic reaches the web server, and one at the server level. This helps prevent the majority of DDoS attacks for our clients.
This is just one simple way of detecting and stopping a DDoS attack, but it may not work if the attack is complex. If you are interested in learning more about DDoS attacks and how to protect your website, contact us today to schedule a free consultation.